Multiple vulnerabilities in J-Web can be combined to allow pre-authentication remote code execution. This is an out-of-cycle security release.
Drupal released security updates for Drupal 9.2 and 9.3. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all web and system administrators to review and implement the updates.
WSO2 released security updates that address the ‘unrestricted file upload’ vulnerability affecting the following WSO2 products: API Manager, Identity Server, Identity Server Analytics, Identity Server as Key Manager and Enterprise Integrator.
Oracle released a critical patch (cumulative) update that addresses multiple vulnerabilities. Malicious actors are actively exploiting these vulnerabilities.
The GitLab team released security updates that address a critical security vulnerability that could be exploited by a malicious actor to seize control of accounts.
Malicious actors are actively exploiting a critical vulnerability in Apache Log4j Version 2.15.0. This exploit may lead to remote code execution on targeted servers running the vulnerable Log4j version.